I need some advice. Basically, I have an application where users can register as normal customers, and inside the dashboard there is an option to register as an author for a list of categories. A customer can be many authors.
So basically, after registering/subscribing as an author, a box with the author(s) that he created appears in the custom dashboard, and after clicking it he goes to a specific dashboard with a different menu, etc.
My only issue is when I start creating the permissions. For example, I created a Middleware with the name "author", so when someone tries to access these pages they must be an author.
Middleware code:
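public function handle($request, Closure $next)
{
    // Allow the request only when a route id is present, the user is logged in,
    // and the user has at least one author profile
    if (isset($request->id) && auth()->check() && count(auth()->user()->authorsProfile) > 0) {
        return $next($request);
    }

    return redirect('/dashboard')->with("error", "Only Authors Allowed");
}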
Example:
Route::group(['middleware' => ['auth', 'author']], function () {
    // Dashboard
    Route::get('authorsarea/{id}', 'AuthorController@dashboard')->name('author-dashboard');
});
So the second validation I need to make is inside the controllers: I need to check, based on the ID, whether this author id belongs to the customer/user.
Example:
public function dashboard($id)
{
    $user = Auth::user();
    $user_author = Author::find($id);

    // find() returns null for an unknown id, so check that before reading user_id
    if (!$user_author || $user_author->user_id != $user->id) {
        return back()->with("error", "This Author is not you");
    }

    // Go to dashboard
    return view('frontend.author.dashboard');
}
I feel that always pasting this code and checking if this author belongs to the user doesn't feel quite clean. Is there a better way than always pasting this code in each page controller where I try to access a private area of authors?
Or even if you guys feel that there is a completely different way of doing all of this, I'm open.
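
One way to centralize the ownership check described in the post above, as an added example that is not part of the original post: the `author` middleware itself resolves the `{id}` route parameter against the logged-in user, so every route in the group rejects an author id that belongs to someone else. The class name `AuthorMiddleware` and the `App\Author` namespace are assumptions; the `user_id` column and the redirect messages are taken from the post.

```php
<?php

namespace App\Http\Middleware;

use App\Author; // assumed model namespace; adjust to the application's own
use Closure;

// Hypothetical class name; register it under the 'author' key used in the route group
class AuthorMiddleware
{
    public function handle($request, Closure $next)
    {
        // The 'auth' middleware runs first in the group, but fail closed anyway
        $user = $request->user();
        if (!$user) {
            return redirect('/dashboard')->with('error', 'Only Authors Allowed');
        }

        // Scope the lookup to the logged-in user: an id that does not exist and an
        // id owned by another user both return null, so the response does not
        // reveal which author ids are valid
        $author = Author::where('id', $request->route('id'))
            ->where('user_id', $user->id)
            ->first();

        if (!$author) {
            return redirect('/dashboard')->with('error', 'This Author is not you');
        }

        // Hand the verified profile to the controller so it never re-queries
        // by the raw, user-supplied id
        $request->attributes->set('author', $author);

        return $next($request);
    }
}
```

Controllers behind this middleware can read the verified profile with `$request->attributes->get('author')` instead of repeating the comparison in every action.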